We’re always eager for new research and learning opportunities, but this time, serendipitously, the opportunity found us. At the closing party of the Hack In The Box Amsterdam conference — where we presented our industrial radio research and ran a CTS contest — we were given LED wristbands to wear. They’re flashing wristbands meant to enhance the experience of an event, party, or show. At the beginning, we were not interested in the security impact; we just wanted to learn. Later on, however, we discovered that the RF link was used to transport an industrial protocol: DMX512 (Digital MultipleX 512), the same protocol used to pilot large light exhibitions.

Industrial Control Systems (ICS) are a hot topic in the security industry today, thanks to the prevalence of software that is often riddled with security flaws and legacy protocols that were designed without any type of security. Many of these systems were designed in a different time, when the world was quite different. ICS systems used to be isolated, Internet access was rare and expensive, and hacking knowledge was not as widespread as it is today. It would be very difficult for a programmer to have foreseen some of the security issues that have now come about. As a result, however, this often translates to cases where solutions are developed to get the most out of the system while maintaining a cost-conscious mindset. As a result, there are cases where software and protocols that were never meant to be part of an ICS system end up as part of such a system.

Security Predictions for 2020

Cybersecurity in 2020 will be viewed through many lenses — from differing attacker motivations and cybercriminal arsenal to technological developments and global threat intelligence — only so defenders can keep up with the broad range of threats.Read our security predictions for 2020.

Business Process Compromise

Attackers are starting to invest in long-term operations that target specific processes enterprises rely on. They scout for vulnerable practices, susceptible systems and operational loopholes that they can leverage or abuse. To learn more,
read our Security 101: Business Process Compromise.